malwarewikiaorg-20200223-history
WannaPeace
WannaPeace is an encryption ransomware trojan that seems to target computer users in Brazil, as well as other Portuguese speakers. Payload Transmission WannaPeace is typically delivered to victims through the use of corrupted spam email attachments, often in the form of corrupted files that take the form of fake invoices or updated terms of service. These email messages will often appear to come from legitimate senders, such as Amazon or PayPal. Infection WannaPeace will encrypt a wide variety of user-generated files types, including the files with the following extensions: .3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip. WannaPeace will add the string '_enc' to the end of each affected file's name, as a way to mark the files encrypted by the WannaPeace attack. WannaPeace demands its ransom payment by displaying a program window with the title '@AnonymousBr – WannaPeace' on the infected computer. WannaPeace's ransom note reads as follows: Desculpe.., seus arquivos foram encriptados! Permita nos apresentar como Anonymous, e Anonymous apenas. Nós somos uma idéia. Uma idéia que não pode ser contida. perseguida nem aprisionada. Milhares de seres humanos estão nesse momento rufigiadce, feridos, com fome e sofrendo... Todos como vítimas de uma guerra que não é nem mesmo deles!!! Mas infelizmente apenas palavras não mudarão a situação desses seres humanos... tt40 queremos os seus arquivos ou lhe pre:. _ma pequena contnbuição Lembre-se.., contnbuindo você não vai estar apenas recuperando os seus arquivos... ...e sim *dando a recuperar a dignidade dessas vitimas... Envie a sua contribuição de apenas: 0.08 Bitcoins para carteira/endereço abaixo. WannaPeace's ransom note's text translated from Portuguese into English reads: Sorry, your files have been encrypted! Please refer to us as Anonymous, and Anonymous only. We are an idea. An idea that can not be contained. persecuted or imprisoned. Thousands of human beings are now killed, wounded, hungry and suffering ... All as victims of a war that is not even theirs !!! But unfortunately only words will not change the situation of these human beings ... ACCOUNT NAME if you want your files back: make a contribution Remember, by conniving you will not only be recovering your files ... ... and yes * giving to recover the dignity of these victims ... Please send your contribution of only: 0.08 Bitcoins to wallet: CHARCTERS WannaPeace demands a ransom in Bitcoins that is equivalent to about 800 USD. Category:Microsoft Windows Category:Ransomware Category:Win32 Category:Win32 ransomware Category:Trojan Category:Win32 trojan Category:Assembly